Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Why you're not investing enough in IT security

Rodney Byfield | Jan. 16, 2017
Companies choose to invest in the certainty of operational or sales driven initiatives over the relatively unknown realms of information security

Australian Red Cross, Australian Bureau of Statistics, LinkedIn, Kmart, Target, Sony Pictures, Yahoo, British Airways, Last Pass, Home Depot. What do all these companies have in common?

They are just a small portion of the growing number of organisations that have been hacked or had their data or security breached and consequently exposed the personal and in several cases, financial information of millions of customers.

Recently, Red Cross Australia revealed that over half a million blood donor records had been compromised. I was actually impressed with the Red Cross’ ‘front foot’ approach to the breach.

Other companies should take note. Nevertheless, if you’ve ever donated blood at the Red Cross, you know external parties could now have access to some extremely personal information.

Then there is the travesty of the Australian Census debacle. ABS spent millions trying to convince us that our personal data is safe but the agency has also admitted that it doesn’t secure the data itself. Rather, information is managed through a third-party contract with IBM – the very company responsible for a $1.25 billion payroll failure at the QLD government.

So, how safe is your data?

According to the PwC Cybercrime Survey, account and payment based hacks have doubled year on year since 2014. The BBC recently reported that close to 6,000 online payment gateways had been compromised by organised cyber hacking groups – and companies with high, credit card-based transaction volumes are the primary target for these groups.

And believe me, the problem is only going to get worse as businesses become increasingly connected and more services head into the cloud. Add to this the increasing number of employees introducing devices and wearable technology into the business network and it’s easy to see why businesses are so vulnerable to security breaches.

A report from Raytheon estimates that less than one third of businesses are adequately prepared for the risks associated with the Internet of Things.

While IT and data security was once the exclusive domain of IT departments, it has now moved from the server room to the boardroom, with most global CEOs (87 per cent) and Fortune 500 leaders concerned about cyber security and the effect a major security breach will have on their business.

Ok, so we all agree that IT security is a major issue facing all companies. But what has brought on the change? For such a complicated and widespread problem, the reason is actually quite simplistic: budget.

In the 20 plus years that I’ve been involved in the IT industry, I have consistently seen companies make the same mistakes – they choose to invest in the certainty of operational or sales driven initiatives over the relatively unknown realms of information security.

 

1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.